You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Jim Jagielski <ji...@jaguNET.com> on 2018/10/15 15:07:48 UTC
Re: svn commit: r1843917 - /httpd/test/framework/trunk/t/ssl/ocsp.t
-1 (veto)
Please revert. 'list' is NOT a command and this causes OCSP to be skipped.
% openssl version
OpenSSL 1.0.2p 14 Aug 2018
% openssl list -commands
openssl:Error: 'list' is an invalid command.
Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dh
dhparam dsa dsaparam ec
ecparam enc engine errstr
gendh gendsa genpkey genrsa
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand req
rsa rsautl s_client s_server
s_time sess_id smime speed
spkac srp ts verify
version x509
Message Digest commands (see the `dgst' command for more details)
md4 md5 mdc2 rmd160
sha sha1
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx idea
idea-cbc idea-cfb idea-ecb idea-ofb
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40 seed seed-cbc seed-cfb
seed-ecb seed-ofb zlib
% openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
% openssl list -commands
openssl:Error: 'list' is an invalid command.
Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dh
dhparam dsa dsaparam ec
ecparam enc engine errstr
gendh gendsa genpkey genrsa
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand req
rsa rsautl s_client s_server
s_time sess_id smime speed
spkac ts verify version
x509
Message Digest commands (see the `dgst' command for more details)
md2 md4 md5 rmd160
sha sha1
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx idea
idea-cbc idea-cfb idea-ecb idea-ofb
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40 seed seed-cbc seed-cfb
seed-ecb seed-ofb zlib
> On Oct 15, 2018, at 10:55 AM, wrowe@apache.org wrote:
>
> Author: wrowe
> Date: Mon Oct 15 14:55:27 2018
> New Revision: 1843917
>
> URL: http://svn.apache.org/viewvc?rev=1843917&view=rev
> Log:
> Revert r1832567, r1843476, r1843478
>
> Restore jorton's detection from r1831398, and portably redirect stderr
> to capture and evaluate the available command list,
> from either stdout (1.1.0 and later) or stderr (1.0.2 and prior).
>
>
> Modified:
> httpd/test/framework/trunk/t/ssl/ocsp.t
>
> Modified: httpd/test/framework/trunk/t/ssl/ocsp.t
> URL: http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/ssl/ocsp.t?rev=1843917&r1=1843916&r2=1843917&view=diff
> ==============================================================================
> --- httpd/test/framework/trunk/t/ssl/ocsp.t (original)
> +++ httpd/test/framework/trunk/t/ssl/ocsp.t Mon Oct 15 14:55:27 2018
> @@ -21,7 +21,7 @@ Apache::TestRequest::module('ssl_ocsp');
> # support in earlier versions without messing around with stderr
> my $openssl = Apache::TestSSLCA::openssl();
> if (!have_min_apache_version('2.4.26')
> - or system("$openssl ocsp 2>/dev/null") == 0) {
> + or `$openssl list -commands 2>&1` !~ /ocsp/) {
> print "1..0 # skip: No OpenSSL or mod_ssl OCSP support";
> exit 0;
> }
>
>
Re: svn commit: r1843917 - /httpd/test/framework/trunk/t/ssl/ocsp.t
Posted by William A Rowe Jr <wr...@rowe-clan.net>.
I see 'ocsp' in both lists, and 2>&1 redirects stderr to stdout
unambiguously,
resulting in correct evaluation of the `openssl list 2>&1` ~! /ocsp/ match.
I will proceed with your veto to remove my " 2>&1" addition, restoring
the original test by jorton, if you would like, and leave this file to
others
willing to solve it for the entire developer community and to conduct
themselves appropriately, and we can take our hands off this file.
Or you may rescind your veto if this passes your evaluation.
His test did not necessarily pass the stderr results for regex evaluation,
leaving this compatible with OpenSSL 1.1.0+ only.
You can use
perl -e 'print "nope\n" if (`openssl list -help 2>&1` !~ /ocsp/);'
to evaluate my logic, and repeat while omitting the 2>&1 redirection
to evaluate jorton's original logic.
On Mon, Oct 15, 2018 at 10:07 AM Jim Jagielski <ji...@jagunet.com> wrote:
> -1 (veto)
>
> Please revert. 'list' is NOT a command and this causes OCSP to be skipped.
>
> % openssl version
> OpenSSL 1.0.2p 14 Aug 2018
> % openssl list -commands
> openssl:Error: 'list' is an invalid command.
>
> Standard commands
> asn1parse ca ciphers cms
> crl crl2pkcs7 dgst dh
> dhparam dsa dsaparam ec
> ecparam enc engine errstr
> gendh gendsa genpkey genrsa
> nseq ocsp passwd pkcs12
> pkcs7 pkcs8 pkey pkeyparam
> pkeyutl prime rand req
> rsa rsautl s_client s_server
> s_time sess_id smime speed
> spkac srp ts verify
> version x509
>
> Message Digest commands (see the `dgst' command for more details)
> md4 md5 mdc2 rmd160
> sha sha1
>
> Cipher commands (see the `enc' command for more details)
> aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
> aes-256-cbc aes-256-ecb base64 bf
> bf-cbc bf-cfb bf-ecb bf-ofb
> camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
> camellia-256-cbc camellia-256-ecb cast cast-cbc
> cast5-cbc cast5-cfb cast5-ecb cast5-ofb
> des des-cbc des-cfb des-ecb
> des-ede des-ede-cbc des-ede-cfb des-ede-ofb
> des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
> des-ofb des3 desx idea
> idea-cbc idea-cfb idea-ecb idea-ofb
> rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
> rc2-cfb rc2-ecb rc2-ofb rc4
> rc4-40 seed seed-cbc seed-cfb
> seed-ecb seed-ofb zlib
>
>
> % openssl version
> OpenSSL 1.0.1e-fips 11 Feb 2013
> % openssl list -commands
> openssl:Error: 'list' is an invalid command.
>
> Standard commands
> asn1parse ca ciphers cms
> crl crl2pkcs7 dgst dh
> dhparam dsa dsaparam ec
> ecparam enc engine errstr
> gendh gendsa genpkey genrsa
> nseq ocsp passwd pkcs12
> pkcs7 pkcs8 pkey pkeyparam
> pkeyutl prime rand req
> rsa rsautl s_client s_server
> s_time sess_id smime speed
> spkac ts verify version
> x509
>
> Message Digest commands (see the `dgst' command for more details)
> md2 md4 md5 rmd160
> sha sha1
>
> Cipher commands (see the `enc' command for more details)
> aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
> aes-256-cbc aes-256-ecb base64 bf
> bf-cbc bf-cfb bf-ecb bf-ofb
> camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
> camellia-256-cbc camellia-256-ecb cast cast-cbc
> cast5-cbc cast5-cfb cast5-ecb cast5-ofb
> des des-cbc des-cfb des-ecb
> des-ede des-ede-cbc des-ede-cfb des-ede-ofb
> des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
> des-ofb des3 desx idea
> idea-cbc idea-cfb idea-ecb idea-ofb
> rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
> rc2-cfb rc2-ecb rc2-ofb rc4
> rc4-40 seed seed-cbc seed-cfb
> seed-ecb seed-ofb zlib
>
> > On Oct 15, 2018, at 10:55 AM, wrowe@apache.org wrote:
> >
> > Author: wrowe
> > Date: Mon Oct 15 14:55:27 2018
> > New Revision: 1843917
> >
> > URL: http://svn.apache.org/viewvc?rev=1843917&view=rev
> > Log:
> > Revert r1832567, r1843476, r1843478
> >
> > Restore jorton's detection from r1831398, and portably redirect stderr
> > to capture and evaluate the available command list,
> > from either stdout (1.1.0 and later) or stderr (1.0.2 and prior).
> >
> >
> > Modified:
> > httpd/test/framework/trunk/t/ssl/ocsp.t
> >
> > Modified: httpd/test/framework/trunk/t/ssl/ocsp.t
> > URL:
> http://svn.apache.org/viewvc/httpd/test/framework/trunk/t/ssl/ocsp.t?rev=1843917&r1=1843916&r2=1843917&view=diff
> >
> ==============================================================================
> > --- httpd/test/framework/trunk/t/ssl/ocsp.t (original)
> > +++ httpd/test/framework/trunk/t/ssl/ocsp.t Mon Oct 15 14:55:27 2018
> > @@ -21,7 +21,7 @@ Apache::TestRequest::module('ssl_ocsp');
> > # support in earlier versions without messing around with stderr
> > my $openssl = Apache::TestSSLCA::openssl();
> > if (!have_min_apache_version('2.4.26')
> > - or system("$openssl ocsp 2>/dev/null") == 0) {
> > + or `$openssl list -commands 2>&1` !~ /ocsp/) {
> > print "1..0 # skip: No OpenSSL or mod_ssl OCSP support";
> > exit 0;
> > }
> >
> >
>
>